public final class RSACryptor extends Object
基于大整数因式分解的数学难题(费马小定理) n=p*q, p,q互质 RSA Cryptor 加/解密 签名/验签
| 限定符和类型 | 类和说明 |
|---|---|
static class |
RSACryptor.RSAKeyPair
RSA密钥对
|
| 限定符和类型 | 方法和说明 |
|---|---|
static <T extends Key & RSAKey> |
decrypt(byte[] encrypted,
T key)
大数据分块解密
|
static <T extends Key & RSAKey> |
decrypt(InputStream input,
T key,
OutputStream out) |
static <T extends Key & RSAKey> |
decryptNoPadding(byte[] encrypted,
T key) |
static <T extends Key & RSAKey> |
decryptNoPadding(InputStream input,
T key,
OutputStream out) |
static <T extends Key & RSAKey> |
encrypt(byte[] data,
T key)
1、可以通过修改生成密钥的长度来调整密文长度
2、不管明文长度是多少,RSA生成的密文长度总是固定的
3、明文长度不能超过密钥长度:
1)SUN JDK默认的RSA加密实现不允许明文长度超过密钥长度减去11字节(byte):比如1024位(bit)的密钥,
则待加密的明文最长为1024/8-11=117(byte)
2)BouncyCastle提供的加密算法能够支持到的RSA明文长度最长为密钥长度
4、每次生成的密文都不一致证明加密算法安全:这是因为在加密前使用RSA/None/PKCS1Padding对明文信息进行了
随机数填充,为了防止已知明文攻击,随机长度的填充来防止攻击者知道明文的长度。
|
static <T extends Key & RSAKey> |
encrypt(InputStream input,
T key,
OutputStream out) |
static <T extends Key & RSAKey> |
encryptNoPadding(byte[] data,
T key) |
static <T extends Key & RSAKey> |
encryptNoPadding(InputStream input,
T key,
OutputStream out) |
static RSACryptor.RSAKeyPair |
generateKeyPair() |
static RSACryptor.RSAKeyPair |
generateKeyPair(int keySize)
密钥生成
|
static byte[] |
signMd5(byte[] data,
RSAPrivateKey privateKey)
MD5 sign
|
static byte[] |
signSha1(byte[] data,
RSAPrivateKey privateKey)
SHA1 sign
|
static byte[] |
signSha256(byte[] data,
RSAPrivateKey privateKey)
SHA256 sign
|
static boolean |
verifyMd5(byte[] data,
RSAPublicKey publicKey,
byte[] signed)
verify MD5 signature
|
static boolean |
verifySha1(byte[] data,
RSAPublicKey publicKey,
byte[] signed)
verify SHA1 signature
|
static boolean |
verifySha256(byte[] data,
RSAPublicKey publicKey,
byte[] signed)
verify SHA256 signature
|
public static RSACryptor.RSAKeyPair generateKeyPair()
public static RSACryptor.RSAKeyPair generateKeyPair(int keySize)
keySize - the RSA key size, optional is 512 or 1028
or 2048 or 4096public static byte[] signMd5(byte[] data,
RSAPrivateKey privateKey)
data - privateKey - public static byte[] signSha1(byte[] data,
RSAPrivateKey privateKey)
data - privateKey - public static byte[] signSha256(byte[] data,
RSAPrivateKey privateKey)
data - privateKey - public static boolean verifyMd5(byte[] data,
RSAPublicKey publicKey,
byte[] signed)
data - publicKey - signed - public static boolean verifySha1(byte[] data,
RSAPublicKey publicKey,
byte[] signed)
data - publicKey - signed - public static boolean verifySha256(byte[] data,
RSAPublicKey publicKey,
byte[] signed)
data - publicKey - signed - public static <T extends Key & RSAKey> byte[] encrypt(byte[] data, T key)
1、可以通过修改生成密钥的长度来调整密文长度
2、不管明文长度是多少,RSA生成的密文长度总是固定的
3、明文长度不能超过密钥长度:
1)SUN JDK默认的RSA加密实现不允许明文长度超过密钥长度减去11字节(byte):比如1024位(bit)的密钥,
则待加密的明文最长为1024/8-11=117(byte)
2)BouncyCastle提供的加密算法能够支持到的RSA明文长度最长为密钥长度
4、每次生成的密文都不一致证明加密算法安全:这是因为在加密前使用RSA/None/PKCS1Padding对明文信息进行了
随机数填充,为了防止已知明文攻击,随机长度的填充来防止攻击者知道明文的长度。
5、javax.crypto.Cipher是线程不安全的
大数据分块加密data - 源数据key - public static <T extends Key & RSAKey> void encrypt(InputStream input, T key, OutputStream out)
public static <T extends Key & RSAKey> void encryptNoPadding(InputStream input, T key, OutputStream out)
public static <T extends Key & RSAKey> byte[] decrypt(byte[] encrypted, T key)
encrypted - key - public static <T extends Key & RSAKey> byte[] decryptNoPadding(byte[] encrypted, T key)
public static <T extends Key & RSAKey> void decrypt(InputStream input, T key, OutputStream out)
public static <T extends Key & RSAKey> void decryptNoPadding(InputStream input, T key, OutputStream out)
Copyright © 2023. All rights reserved.